I am the network administrator for a small non-profit organization. My actual job is the CFO, but because of my limited computer knowledge I do this on the side as well.

All pc's are running XP Home or Pro, through a router and then through a cable modem. We are small enough that we don't have a server.

I would like to set-up either our Lynksys WRT54GS router, or each PC so that Myspace, Facebook and Twitter is blocked. It also would be nice to also block any instant-messenger programs as well.

I am NOT looking for advice on "Fire the person", "Tell them you know they are on these sites", "Disconnect their computer from the internet", etc. I am in need of a way (software or hardware) to just block this stuff from each computer.

I've also considered altering the "Hosts" file on each pc, but then I would need to know all the URL's or IP addresses for these sites (and I've read that the IP's are continually changing).

Does anyone know how to successfully do this? I've spent the entire weekend on Google trying to figure it out, but just can't find a good fix.

I have set a couple PC's to have a static IP address (outside of the range that is automatically assigned) so that these 2 can get to any website that they need (including these I'm trying to block). The other PC's which is the majority (which I need to block these sites from) do not have static ip's and are within the range (0 to 199) of the IP's that will be blocked.

The people that work here wouldn't know about using a "proxy" to get past any blocks that I put in place, so I don't need to worry about that. I'm the only "computer tech" person here (and I'm not that great myself).

Thank you for your help. -------------

UPDATE: How can I get to my router configuration page, once I've configured OpenDNS?http://www.opendns.com/support/article/141

I set-up OpenDNS on my home Netgear router to try it out, but now I can't get back to the router config page!!!!!!!!

It's a Netgear. Usually I can do routerlogin.net or 192.168.1.1 but neither will work right now. HELP!!!!

If you want to effectively block sites, then you will need to set the router for your network to use static DNS servers from http://opendns.org. Setup an account with them. Set your blocking options and DNS lookups will fail for any sites you don't want it to work for.

jimmywalt

Senior Member - 6K

posted: Mar. 30, 2009 @ 9:10a

firetower said: If you want to effectively block sites, then you will need to set the router for your network to use static DNS servers from http://opendns.org. Setup an account with them. Set your blocking options and DNS lookups will fail for any sites you don't want it to work for.

Thank you. From what I can tell in your post, it sounds like I would have to give a list of "approved" websites. I don't want to do that since there are trillions of websites on the net. What I would like to do is to block 4 or 5 websites.

Just add the sites under the "Access Restrictions" tab. I've had trouble using the url blocking so I just add the terms "facebook, myspace, etc..." under the keyword section. I don't think the url blocking works.

If you want greater control you can buy a router that is compatible with a third party firmware (DD WRT or Tomato). Both allow restrictions for P2P

roadwarrior313

Senior Member

posted: Mar. 30, 2009 @ 1:27p

Kdogg said: Just add the sites under the "Access Restrictions" tab. I've had trouble using the url blocking so I just add the terms "facebook, myspace, etc..." under the keyword section. I don't think the url blocking works.

If you want greater control you can buy a router that is compatible with a third party firmware (DD WRT or Tomato). Both allow restrictions for P2P

The url blocking works for me (just tried it for fun at home) and the Linksys WRT54GS is compatible with dd-wrt and such.

Edit: I wouldn't do keyword blocking because if a important page needs to be visited and it happens to have the word or words "facebook, mspace, etc..." in the webpage due to a advertisement or is mentioned in a article or for whatever reason, that page cannot be viewed.

forbin4040

Senior Member - 8K

posted: Mar. 30, 2009 @ 1:45p

1. How did they get around the URL blocking?2. If you want some pc's open and some not you will either have to download Tomato or just buy a 2nd router and connect the 'unblocked' ones to it. (Which might cause different sharing problems).

jayK

Senior Member - JayK

posted: Mar. 30, 2009 @ 2:13p

jimmywalt said: I am NOT looking for advice on "Fire the person", "Tell them you know they are on these sites", "Disconnect their computer from the internet", etc. I am in need of a way (software or hardware) to just block this stuff from each computer.You are tying to resolve a social problem with a technical solution, and that usually doesn't work very well. If you block one site, people will just find a different site to waste time on.

That said, there are several commercial programs that do a pretty good job blocking sites. You'll have to pay for them though.

The people that work here wouldn't know about using a "proxy" to get past any blocks that I put in place, so I don't need to worry about that. I'm the only "computer tech" person here (and I'm not that great myself).All it takes is one computer-savvy friend to tell an employee how to use a proxy, and that knowledge will spread like wildfire throughout your organization.

marsilies

Senior Member - 3K

posted: Mar. 30, 2009 @ 3:10p

jimmywalt said: Thank you. From what I can tell in your post, it sounds like I would have to give a list of "approved" websites. I don't want to do that since there are trillions of websites on the net. What I would like to do is to block 4 or 5 websites.You're asking for a blacklist, which OpenDNS can do:http://www.opendns.com/support/article/39

For what you're asking, the blacklist will work. However, the whitelist feature may come in handy if you, say, use their "block adult sites" feature, only to find out there's a site OpenDNS considers "adult" that you want your users to have access to.

Hertzogg

Member

posted: Mar. 30, 2009 @ 3:11p

jayK said: ...people will just find a different site to waste time on.

I set-up OpenDNS, but now I can't get back to the router config page!!!!!!!!

It's a Netgear. Usually I can do routerlogin.net or 192.168.1.1 but neither will work right now. HELP!!!!

First you said you have a Linksys WRT54GS router. Now you say you have a Netgear router. Which one do you have? Netgear's default log in site 192.168.0.1 and Linksys's default log in site 192.168.1.1

jimmywalt

Senior Member - 6K

posted: Mar. 31, 2009 @ 9:45a

roadwarrior313 said:

First you said you have a Linksys WRT54GS router. Now you say you have a Netgear router. Which one do you have? Netgear's default log in site 192.168.0.1 and Linksys's default log in site 192.168.1.1

OOPS!!!! I posted this very quickly from home this morning and then realized in the car that the 2 routers are different brands. The Linksys is at the office, the Netgear is at home. I am locked out of the Netgear at home at this time (I had to rush out the door to get to work this morning). My only thought is to try to reboot the router and cable modem, and if that doesn't work I'll hit the reset pin on the router and resetup all the settings.

Thank you.

minidrag

Senior Member - 5K

posted: Mar. 31, 2009 @ 9:58a

DNS has nothing to do with router access. Changing the DNS settings in your router could not have caused this. Maybe you changed something else by accident?

DNS resolves names into numbers. When you go to an IP directly your DNS configuration isn't needed / used at all.

jimmywalt

Senior Member - 6K

posted: Mar. 31, 2009 @ 10:33a

minidrag said: DNS has nothing to do with router access. Changing the DNS settings in your router could not have caused this. Maybe you changed something else by accident?

DNS resolves names into numbers. When you go to an IP directly your DNS configuration isn't needed / used at all.

No. That was the only thing I changed. I followed OpenDNS instructions exactly.

I think I'll try unplugging the modem and router when I get home and trying it again. Usually I just type routerlogin.net in the IE address box and I don't have a problem. I could tell that I was still hooked up to the OpenDNS search website because that would come up after it didn't connect to the routerlogin.

riznick

Acrobatic

posted: Mar. 31, 2009 @ 12:20p

I should ban fatwallet from my network so that I become more productive.

drodge

Norton's Ghost

posted: Mar. 31, 2009 @ 8:43p

If the employees are tech savy, they can still get to the site by using the IP instead of the URL. As JayK said, this is an administrative issue. Unless you are willing to put in either a lot of money and/or a lot of time, you aren't going to be able to stop them. In most cases, you need senior management support to enforce the policy. It's a lot easier to use the technology to ensure people are following the policy than it is to try to use it to modify behavior.

jimmywalt

Senior Member - 6K

posted: Mar. 31, 2009 @ 9:05p

drodge said: If the employees are tech savy, they can still get to the site by using the IP instead of the URL. As JayK said, this is an administrative issue. Unless you are willing to put in either a lot of money and/or a lot of time, you aren't going to be able to stop them. In most cases, you need senior management support to enforce the policy. It's a lot easier to use the technology to ensure people are following the policy than it is to try to use it to modify behavior.

I agree with you both.

No, these people could't tell you what the letters IP stood for if you offered them a million dollars, nor would they have a clue how to get to a website using an IP address.

I'm looking into this OpenDNS thing more tonight at home (for our home network too), and will probably try to go down this path at work as well. It appears that this service will also give me a listings of URL's that have been visited. So if I see that instead of going to Myspace there are now 10,000 visits to JCPenney.com, then I'll block that site as well. Afterwhile I think the couple people that are abusing the system will get tired of it and either stop or quit their job.

Thanks though!

jayK

Senior Member - JayK

posted: Mar. 31, 2009 @ 9:21p

jimmywalt said: No, these people could't tell you what the letters IP stood for if you offered them a million dollars, nor would they have a clue how to get to a website using an IP address.But when they suddenly find that they can no longer access facebook from work, they will ask their tech-savvy friends and relatives how to get around it. They may not know what an IP address is, but I'm pretty sure they can follow instructions on how to add http://69.63.176.140/ as a favorite.

Never underestimate the motivation of a bored employee deprived of his or her facebook fix. This will end up taking a lot more of your time (and our time) than you think it will - trust me, I used to be on the black hat side of this battle in high school.

minidrag

Senior Member - 5K

posted: Apr. 1, 2009 @ 6:52a

jimmywalt said: minidrag said: DNS has nothing to do with router access. Changing the DNS settings in your router could not have caused this. Maybe you changed something else by accident?

DNS resolves names into numbers. When you go to an IP directly your DNS configuration isn't needed / used at all.

No. That was the only thing I changed. I followed OpenDNS instructions exactly.

I think I'll try unplugging the modem and router when I get home and trying it again. Usually I just type routerlogin.net in the IE address box and I don't have a problem. I could tell that I was still hooked up to the OpenDNS search website because that would come up after it didn't connect to the routerlogin.

You need to use the IP of your router. A name, like routerlogin.net, is going to resolve via OpenDNS and not work.

jimmywalt

Senior Member - 6K

posted: Apr. 1, 2009 @ 8:25a

jayK said: jimmywalt said: No, these people could't tell you what the letters IP stood for if you offered them a million dollars, nor would they have a clue how to get to a website using an IP address.But when they suddenly find that they can no longer access facebook from work, they will ask their tech-savvy friends and relatives how to get around it. They may not know what an IP address is, but I'm pretty sure they can follow instructions on how to add http://69.63.176.140/ as a favorite.

Never underestimate the motivation of a bored employee deprived of his or her facebook fix. This will end up taking a lot more of your time (and our time) than you think it will - trust me, I used to be on the black hat side of this battle in high school.

I hear what you are saying, but please remember that even though computer stuff is easy as heck for a lot of people on this forum, there are people (those that I work with), that would have NO CLUE about even Googling "Getting around OpenDNS". These people just don't have a clue what a DNS or an IP is. These are the same people that come to me and ask why their mouse isn't working (and it turns out that the ball inside is filled with dust, etc), or the people who will ask me how to change the ink cartridge in their deskjet printers over and over again. They are the same ones who look around the office for a phone book instead of using Google to get the number. These are not tech savy people. Most of them can turn the power button on the computer, do their jobs, and that's about it.

The worst I believe I would have to worry about is them wasting time on another website, which it appears OpenDNS will give me a log to view (and then to block).

Currently my issue is with two 30+ year old women who love to use the "social networking" sites. If I kill that off, then their only connection to their friends while at work would be via regular email or cell phone.

Thank you though for all your help and concern. I really appreciate it!

minidrag

Senior Member - 5K

posted: Apr. 1, 2009 @ 8:38a

I'm with jimmywalt on this one. Several of my clients are this way - if something doesn't work they either don't do it any more or ask me about it. If I tell them it can't be done or isn't supposed to be done they just stop trying. They simply don't care enough about the computers to try and learn anything about them.

riznick

Acrobatic

posted: Apr. 1, 2009 @ 12:14p

minidrag said: I'm with jimmywalt on this one. Several of my clients are this way - if something doesn't work they either don't do it any more or ask me about it. If I tell them it can't be done or isn't supposed to be done they just stop trying. They simply don't care enough about the computers to try and learn anything about them.I agree with both sides. I would say that more than half of my client users wouldn't attempt a workaround. If you can get rid of some of the common places where hours are lost, then great.

If they are going to goof off, though, they will find a way to goof off.

minidrag

Senior Member - 5K

posted: Apr. 1, 2009 @ 12:19p

I don't think anyone is trying to argue that. Just that in some places, with some people, nothing extraordinary is required.

jayK

Senior Member - JayK

posted: Apr. 1, 2009 @ 2:58p

minidrag said: I'm with jimmywalt on this one. Several of my clients are this way - if something doesn't work they either don't do it any more or ask me about it. If I tell them it can't be done or isn't supposed to be done they just stop trying.That's the key right there...a technical solution can work if it's combined with proper communication from management, including the consequences of violating internet access policies.

iRabbitt

Ancient Member

posted: Apr. 1, 2009 @ 4:43p

Tell those two to stop going to those sites and wasting company time and $$. Make them sign a paper saying they understand that they are not to go to these sites and if they are caught (by the tech regularly checking their computer) they will be sacked. Tell them that if there is any evidence of tampering with the computer history they will be fired. Then enforce it--no doubt there are plenty of others who would love to have their jobs in this economy. Your company is small enough to do this it seems and then word will spread to the others that you mean business.

Don't tell them how you're checking up behind them, just allude to your super-savvy-tech skills and they'll probably be scared enough.

jayK

Senior Member - JayK

posted: Apr. 2, 2009 @ 12:23a

Another alternative is to redirect all popular social networking sites to goatse on the two time-wasters' PCs. The problem should solve itself after that.

ellory

Be vewy vewy quiet

posted: Apr. 2, 2009 @ 9:29a

iRabbitt said: Tell those two to stop going to those sites and wasting company time and $$. Make them sign a paper saying they understand that they are not to go to these sites and if they are caught (by the tech regularly checking their computer) they will be sacked. Tell them that if there is any evidence of tampering with the computer history they will be fired. Then enforce it--no doubt there are plenty of others who would love to have their jobs in this economy. Your company is small enough to do this it seems and then word will spread to the others that you mean business.

Don't tell them how you're checking up behind them, just allude to your super-savvy-tech skills and they'll probably be scared enough.jimmywalt has received this advice from FW multiple times. He never takes it

jimmywalt

Senior Member - 6K

posted: Apr. 2, 2009 @ 8:14p

ellory said: iRabbitt said: Tell those two to stop going to those sites and wasting company time and $$. Make them sign a paper saying they understand that they are not to go to these sites and if they are caught (by the tech regularly checking their computer) they will be sacked. Tell them that if there is any evidence of tampering with the computer history they will be fired. Then enforce it--no doubt there are plenty of others who would love to have their jobs in this economy. Your company is small enough to do this it seems and then word will spread to the others that you mean business.

Don't tell them how you're checking up behind them, just allude to your super-savvy-tech skills and they'll probably be scared enough.jimmywalt has received this advice from FW multiple times. He never takes it

Yes Ellroy.

But in my question I asked for "TECHNICAL WAYS", not peoples opinions on what to tell the employees.

I wish it was as easy as you all make it sound. I'm sorry that I can't elaborate, but what you are asking is IMPOSSIBLE where we are employed. Let's just leave it at that.

I am VERY satisfied with OpenDNS and will be using that from our router. The problem will be solved as best as it possibly can be.

Thanks again everyone!!!!!

minidrag

Senior Member - 5K

posted: Apr. 2, 2009 @ 9:47p

jimmywalt said: I am VERY satisfied with OpenDNS and will be using that from our router.So what happened with your home router? Did you get back into it?

jimmywalt

Senior Member - 6K

posted: Apr. 3, 2009 @ 7:07p

minidrag said: jimmywalt said: I am VERY satisfied with OpenDNS and will be using that from our router.So what happened with your home router? Did you get back into it?

Yep. Power cycled the router and modem, then it let me do the 192.168.1.1 thing.

drodge

Norton's Ghost

posted: Apr. 3, 2009 @ 7:23p

Good luck. Without senior leadership support, a technical solution is your only hope. As others have said, they will simply find another way to waste time. Hopefully management will see that and take action. If not, there is nothing you can do.

jimmywalt

Senior Member - 6K

posted: Apr. 3, 2009 @ 7:34p

drodge said: Good luck. Without senior leadership support, a technical solution is your only hope. As others have said, they will simply find another way to waste time. Hopefully management will see that and take action. If not, there is nothing you can do.'

Let me explain further.... There are 12 people with a computer that work for this SMALL non-profit organization.

There isn't "management". There's an Executive Director, and about 4 other sub directors under that (of which I'm one).

Unfortunately being as small as we are, and having people with specialized skills, it's not as easy as saying "Just fire them for being on the internet".

I wish people could leave their "Corporate" mentality and understand we aren't some super huge corporation.

The 12 of us wear MANY, MANY different hats.

drodge

Norton's Ghost

posted: Apr. 3, 2009 @ 9:03p

I understand your situation and have worked in similar situations. The executive director is "senior leadership". In your case, he's probably the only one with the clout to make anything happen. If they aren't willing to make an issue out of the problem, then you are stuck with trying to solve it technically. Surely you can estimate the amount, if not log the exact amount, of time being spent on social sites and bring that to the ED. With only 12 people, it's hard to imagine that you can't convince them of the scope of the problem. If not, then there isn't much you can do.

drodge

Norton's Ghost

posted: Apr. 4, 2009 @ 10:22a

By the way, firing certainly isn't the only remedy. In fact, it seems pretty harsh if they are the first person who gets caught. I'm willing to bet if the ED puts out a strong policy, someone gets caught violating it, and they get a day off without pay, everyone else will sit up quickly and take notice. Most people ignore policies because they never see anyone else get caught and don't think they will either. Sometimes, just confronting them directly and letting them know that you know how much time they are wasting on unathorized sites will scare them into better behavior. Publically posting a log of who spends how much time on what sites so everyone else can see it can also work.

jayK

Senior Member - JayK

posted: Apr. 4, 2009 @ 11:10a

drodge said: I understand your situation and have worked in similar situations. The executive director is "senior leadership". In your case, he's probably the only one with the clout to make anything happen.I've also been in a similar situation when I worked at a very small company, but in my case, it was the president of the company who was the big time-waster, and part of my job was to fix his home computer (he worked primarily from home) when he would invariably pick up a virus from browsing questionable web sites.

Since I was a junior-level IT person at the time I couldn't do much about it myself, but the CIO noticed how much time I was spending supporting the president's PCs, and she had me keep track of that time so it could be charged back to the president's department. The president eventually had to explain this ever-increasing cost to the CFO and the board - I wasn't party to that discussion, but soon after I started tracking time the president hired an independent contractor to support his PC out of his own pocket.

It doesn't sound like these employees are causing too much extra work for you (unless you start playing whack-a-mole with a blacklist), but at small companies (where people are invariably overworked) the productivity of the company must be important enough to someone to put in place some kind of administrative solution. The solution may be as simple as assigning additional projects (perhaps a project to improve office productivity?) to the people who waste the most time.

Disclaimer: By providing links to other sites, FatWallet.com does not guarantee, approve or endorse the information or products available at these sites, nor does a link indicate any association with or endorsement by the linked site to FatWallet.com.

Members of our community may attach files to a post in accordance with the User Agreement. FatWallet is not responsible for the content, accuracy, completeness or validity of any information contained in any attached file. Files have *not* been scanned for viruses. Be especially wary of Excel files which may contain malicious content.

FatWallet coupons help you save more when shopping online. Use our Coupons Search to browse coupons and offers from thousands of stores, gathered into one convenient location.

Forums
As part of our FatWallet Community, you can share deals with almost a million shoppers in our forums. Forum content is generated by consumers for consumers. Share deals, money-saving tips, and more. It's FREE, fun, and addicting.

Support
Our customer experience team is here around the clock - real people ready to assist.